The last gasp of the industrial air gap...

Eireann Leverett 

BEng MPhil CSSLP CSSAISEB 










Airgap myths 


They are the default in industrial systems 

- I have more than 12k counter-examples for ICS 

- 22K more for HVAC and BMS 

They are easy to deploy and maintain 

- Networks aren’t static, they change over time 

They are cheap 

- They restrict business drivers like cross org info sharing 

They make attacks impossible 

- Stuxnet showed this is not the case 

- There are many insider or physical attacks that bridge air-gaps 

- Then you are soft and exposed, because you didn’t push AppSec 

Industrial Control Systems

• How many are internet facing?
- How do we measure that?

Back in 2002...



“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”

Trustworthy Computing is a success then!


Because the most popular OS I found was.... 

I RTFM

Can’t air-gap? Use HTTP 401 at least!



[Chart: breakdown of HTTP response codes. Legend: HTTP 200, HTTP 301, HTTP 302, HTTP 303, HTTP 307, HTTP 401, HTTP 404, HTTP 500, HTTP 503]
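
An added example, not part of the original slides: one way an asset owner could repeat the "how many answer with HTTP 401" measurement over response heads collected from their own address space. The sample banners, the 192.0.2.x addresses and the category names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data (not real devices): raw HTTP response heads as an
# inventory scan of your own address space might have recorded them.
SAMPLE_BANNERS = {
    "192.0.2.11": "HTTP/1.1 200 OK\r\nServer: bms-web\r\n\r\n",
    "192.0.2.12": "HTTP/1.0 401 Unauthorized\r\n"
                  "WWW-Authenticate: Basic realm=\"plc\"\r\n\r\n",
    "192.0.2.13": "HTTP/1.1 302 Found\r\nLocation: /login.htm\r\n\r\n",
    "192.0.2.14": "HTTP/1.1 401 Unauthorized\r\nServer: ups\r\n\r\n",
    "192.0.2.15": "garbage-not-http",
    "192.0.2.16": "HTTP/1.1 503 Service Unavailable\r\n\r\n",
}

STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")

def classify(banner):
    """Map one response head to a coarse authentication category."""
    match = STATUS_LINE.match(banner)
    if not match:
        return "unparsed"
    code = int(match.group(1))
    if code == 401:
        # A 401 must carry a WWW-Authenticate challenge; one without it
        # points at a broken or non-standard auth implementation.
        has_challenge = "\r\nwww-authenticate:" in banner.lower()
        return "auth-required" if has_challenge else "401-no-challenge"
    if code == 200:
        # No HTTP-level challenge. A form login may still exist, so this
        # is a review candidate, not proof of an open interface.
        return "no-http-auth"
    if 300 <= code < 400:
        return "redirect"  # undetermined until the target is checked
    return "other"

def summarize(banners):
    """Return (category counts, share of parsed responses demanding auth)."""
    counts = Counter(classify(b) for b in banners.values())
    parsed = sum(counts.values()) - counts["unparsed"]
    share = counts["auth-required"] / parsed if parsed else 0.0
    return counts, share

def needs_review(banners):
    """Hosts whose web interface did not clearly demand authentication."""
    flagged = ("no-http-auth", "redirect", "401-no-challenge")
    return sorted(h for h, b in banners.items() if classify(b) in flagged)

if __name__ == "__main__":
    counts, share = summarize(SAMPLE_BANNERS)
    print(dict(counts), f"auth share: {share:.0%}")
    print("review:", needs_review(SAMPLE_BANNERS))
```
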

What did I just tell you?

We are statistically failing.... 

22K Building Management Systems and 
12K Industrial Control and UPS Systems and Devices 
Can be found in Shodan’s results with 52 queries 
Only 26% of the HTTP responses I NIT to Auth 
53% had REMOTE vulns in ExploitDB or Metasploit
I don’t pull LOCAL cause I already suffer SLEEPFAILS 
Many leak info like default passwords in HELP FILES 
LOL, WAT? 

Passwords. 


In 2012. 

For companies who sell “Critical National Infrastructure”. 
Find me at parties for LULZY screenshots! 


IOActive


COMPREHENSIVE COMPUTER SECURITY SERVICES 




What air-gap? It’s roll up your sleeves time. 

• Email: eireann (.) leverett [AT] ioactive (dot) co (dot) uk

• Twitter: @blackswanburst 

• PGP: C97C1513 